[yast-commit] r53071 - in /trunk/security/src: Security.ycp complex.ycp levels.ycp

7 Nov 2008

Author: jsuchome
Date: Fri Nov  7 15:45:37 2008
New Revision: 53071

URL: http://svn.opensuse.org/viewcvs/yast?rev=53071&view=rev
Log:
- check more carefuly pam-config output
- remove GROUP_ENRYPTION from levels
- do not check service values against levels

Modified:
    trunk/security/src/Security.ycp
    trunk/security/src/complex.ycp
    trunk/security/src/levels.ycp

Modified: trunk/security/src/Security.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/Security.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================

--- trunk/security/src/Security.ycp (original)
+++ trunk/security/src/Security.ycp Fri Nov  7 15:45:37 2008
@@ -123,7 +123,7 @@
     "LASTLOG_ENAB"			: "yes",
     "OBSCURE_CHECKS_ENAB"		: "yes",
     "PASSWD_ENCRYPTION"			: "blowfish",
-    "GROUP_ENCRYPTION"			: "des",
+    "GROUP_ENCRYPTION"			: "md5",
     "PASSWD_USE_CRACKLIB"		: "yes",
     "PASS_MAX_DAYS"			: "99999",
     "PASS_MIN_DAYS"			: "0",
@@ -157,6 +157,14 @@
 // the original settings
 map Settings_bak = Settings;
 
+// keys that should not be tested against predefined levels:
+// - GROUP_ENCRYPTION does not have UI for changing
+// - RUNLEVEL*_SERVICES have different syntax, are not saved in current form
+list<string> do_not_test = [ "GROUP_ENCRYPTION",
+	"RUNLEVEL3_MANDATORY_SERVICES", "RUNLEVEL5_MANDATORY_SERVICES",
+	"RUNLEVEL3_EXTRA_SERVICES", "RUNLEVEL5_EXTRA_SERVICES"
+];
+
 /**
  * Security settings locations
  */
@@ -432,14 +440,14 @@
     Settings ["PASSWD_REMEMBER_HISTORY"]	= "0";
     foreach (string val, pam_check_settings, {
 	list lval	= splitstring (val, "=");
-	if (issubstring (val, "minlen"))
+	if (issubstring (val, "minlen") && lval[1]:"" != "")
 	    Settings ["PASS_MIN_LEN"] = lval[1]:"5";
 	/* use cracklib? */
 	if (issubstring (val, "cracklib")) {
-	    Settings ["CRACKLIB_DICT_PATH"] = lval[1]:"/usr/lib/cracklib_dict";
+            Settings ["CRACKLIB_DICT_PATH"] = lval[1]:"/usr/lib/cracklib_dict";
 	    Settings ["PASSWD_USE_CRACKLIB"] = "yes";
 	}
-	if (issubstring (val, "remember="))
+	if (issubstring (val, "remember=") && lval[1]:"" != "")
 	    Settings ["PASSWD_REMEMBER_HISTORY"] = lval[1]:"0";
     });
 
@@ -675,11 +683,16 @@
  */
 global define list Summary() {
 
+    map settings = Security::Settings;
+    foreach (string key, Security::do_not_test, {
+        settings        = remove (settings, key);
+    });
+
     /* Determine current settings */
     any current = `custom;
     maplist(string key, map level, Levels, {
 	y2debug("%1=%2", key, level);
-	if(level == Settings)
+	if(level == settings)
 	    current = key;
     });
     y2debug("%1=%2", current, Settings);

Modified: trunk/security/src/complex.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/complex.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================
--- trunk/security/src/complex.ycp (original)
+++ trunk/security/src/complex.ycp Fri Nov  7 15:45:37 2008
@@ -55,14 +55,19 @@
     string caption = _("Local Security Configuration");
     string help = HELPS["main"]:"";
 
+    map settings = Security::Settings;
+    foreach (string key, Security::do_not_test, {
+        settings        = remove (settings, key);
+    });
+
     /* Determine current settings */
     any current = `custom;
     maplist(string key, map level, Levels, ``{
 	y2debug("%1=%2", key, level);
-	if(level == Security::Settings)
+	if(level == settings)
 	    current = key;
     });
-    y2debug("%1=%2", "curren", Security::Settings);
+    y2debug("%1=%2",  current, Security::Settings);
 
     /* Create RB group from the list of settings */
     term RB = `VBox();

Modified: trunk/security/src/levels.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/levels.ycp?rev=53071&r1=53070&r2=53071&view=diff
==============================================================================
--- trunk/security/src/levels.ycp (original)
+++ trunk/security/src/levels.ycp Fri Nov  7 15:45:37 2008
@@ -56,6 +56,7 @@
 
     "Level1" : $[
 	"CONSOLE_SHUTDOWN"		: "reboot",
+	"CRACKLIB_DICT_PATH"		: "/usr/lib/cracklib_dict",
 	"CWD_IN_ROOT_PATH"		: "no",
 	"CWD_IN_USER_PATH"		: "no",
 	"DISPLAYMANAGER_REMOTE_ACCESS"	: "no",
@@ -63,7 +64,6 @@
 	"FAIL_DELAY"			: "1",
 	"GID_MAX"			: "60000",
 	"GID_MIN"			: "1000",
-	"GROUP_ENCRYPTION"		: "des",
 	"DISPLAYMANAGER_SHUTDOWN"	: "all",
 	"LASTLOG_ENAB"			: "yes",
 	"OBSCURE_CHECKS_ENAB"		: "yes",
@@ -107,7 +107,6 @@
 	"FAIL_DELAY"			: "6",
 	"GID_MAX"			: "60000",
 	"GID_MIN"			: "1000",
-	"GROUP_ENCRYPTION"		: "des",
 	"DISPLAYMANAGER_SHUTDOWN"	: "root",
 	"LASTLOG_ENAB"			: "yes",
 	"OBSCURE_CHECKS_ENAB"		: "yes",
@@ -151,7 +150,6 @@
 	"FAIL_DELAY"			: "3",
 	"GID_MAX"			: "60000",
 	"GID_MIN"			: "1000",
-	"GROUP_ENCRYPTION"		: "des",
 	"DISPLAYMANAGER_SHUTDOWN"	: "root",
 	"LASTLOG_ENAB"			: "yes",
 	"OBSCURE_CHECKS_ENAB"		: "yes",

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r53071 - in /trunk/security/src: Security.ycp complex.ycp levels.ycp

jsuchome＠svn.opensuse.org